Merged in feature/assign_ui_session_id (pull request #377)

API-Client Support for SSE and Toast Components
2025-11-14 09:25:43 +01:00 · 2019-12-13 12:21:07 +00:00
parent 401cf791e5 f9cfcd5e93
commit 03425b9e8a
27 changed files with 2145 additions and 1084 deletions
--- a/scm-webapp/src/test/java/sonia/scm/security/BearerRealmTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/security/BearerRealmTest.java
@@ -52,7 +52,7 @@ import static org.mockito.Mockito.when;

 /**
 * Unit tests for {@link BearerRealm}.
- * 
+ *
 * @author Sebastian Sdorra
 */
@ExtendWith(MockitoExtension.class)
@@ -84,11 +84,9 @@ class BearerRealmTest {

  @Test
  void shouldDoGetAuthentication() {
-    BearerToken bearerToken = BearerToken.valueOf("__bearer__");
+    BearerToken bearerToken = BearerToken.create("__session__", "__bearer__");
    AccessToken accessToken = mock(AccessToken.class);

-    Set<String> groups = ImmutableSet.of("HeartOfGold", "Puzzle42");
-
    when(accessToken.getSubject()).thenReturn("trillian");
    when(accessToken.getClaims()).thenReturn(new HashMap<>());
    when(accessTokenResolver.resolve(bearerToken)).thenReturn(accessToken);
@@ -96,6 +94,7 @@ class BearerRealmTest {
    when(realmHelper.authenticationInfoBuilder("trillian")).thenReturn(builder);
    when(builder.withCredentials("__bearer__")).thenReturn(builder);
    when(builder.withScope(any(Scope.class))).thenReturn(builder);
+    when(builder.withSessionId(any(SessionId.class))).thenReturn(builder);
    when(builder.build()).thenReturn(authenticationInfo);

    AuthenticationInfo result = realm.doGetAuthenticationInfo(bearerToken);
--- a/scm-webapp/src/test/java/sonia/scm/web/BearerWebTokenGeneratorTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/web/BearerWebTokenGeneratorTest.java
@@ -1,10 +1,10 @@
 /**
 * Copyright (c) 2014, Sebastian Sdorra
 * All rights reserved.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
- * 
+ *
 * 1. Redistributions of source code must retain the above copyright notice,
 *    this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright notice,
@@ -13,7 +13,7 @@
 * 3. Neither the name of SCM-Manager; nor the names of its
 *    contributors may be used to endorse or promote products derived from this
 *    software without specific prior written permission.
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
@@ -24,56 +24,82 @@
 * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- * 
+ *
 * http://bitbucket.org/sdorra/scm-manager
- * 
+ *
 */

 package sonia.scm.web;

 import javax.servlet.http.HttpServletRequest;
 import org.apache.shiro.authc.AuthenticationToken;
-import org.junit.Test;
-import static org.junit.Assert.*;
-import static org.hamcrest.Matchers.*;
-import org.junit.runner.RunWith;
+
+
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.Mock;
+
+import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.Mockito.*;
-import org.mockito.junit.MockitoJUnitRunner;
+import org.mockito.junit.jupiter.MockitoExtension;
 import sonia.scm.security.BearerToken;
+import sonia.scm.security.SessionId;
+import sonia.scm.util.HttpUtil;

 /**
 *
 * @author Sebastian Sdorra
 */
-@RunWith(MockitoJUnitRunner.class)
-public class BearerWebTokenGeneratorTest {
+@ExtendWith(MockitoExtension.class)
+class BearerWebTokenGeneratorTest {
+
+  private final BearerWebTokenGenerator tokenGenerator = new BearerWebTokenGenerator();

  @Mock
  private HttpServletRequest request;
-  
-  private final BearerWebTokenGenerator tokenGenerator = new BearerWebTokenGenerator();

  @Test
-  public void testCreateTokenWithWrongScheme()
-  {
+  void shouldNotCreateTokenWithWrongScheme() {
    when(request.getHeader("Authorization")).thenReturn("BASIC ASD");
-    assertNull(tokenGenerator.createToken(request));
-  }
-  
-  @Test
-  public void testCreateTokenWithoutAuthorizationHeader(){
-    assertNull(tokenGenerator.createToken(request));
-  }
-  
-  @Test
-  public void testCreateToken(){
-    when(request.getHeader("Authorization")).thenReturn("Bearer asd");
+
    AuthenticationToken token = tokenGenerator.createToken(request);
-    assertNotNull(token);
-    assertThat(token, instanceOf(BearerToken.class));
+
+    assertThat(token).isNull();
+  }
+
+  @Test
+  void shouldNotCreateTokenWithoutAuthorizationHeader(){
+    AuthenticationToken token = tokenGenerator.createToken(request);
+
+    assertThat(token).isNull();
+  }
+
+  @Test
+  void shouldCreateToken(){
+    when(request.getHeader("Authorization")).thenReturn("Bearer asd");
+
+    AuthenticationToken token = tokenGenerator.createToken(request);
+    assertThat(token)
+      .isNotNull()
+      .isInstanceOf(BearerToken.class);
+
    BearerToken bt = (BearerToken) token;
-    assertThat(bt.getCredentials(), equalTo("asd"));
+    assertThat(bt.getCredentials()).isEqualTo("asd");
+  }
+
+  @Test
+  void shouldCreateTokenWithSessionId(){
+    doReturn("Bearer asd").when(request).getHeader("Authorization");
+    doReturn("bcd123").when(request).getHeader(HttpUtil.HEADER_SCM_SESSION);
+
+    AuthenticationToken token = tokenGenerator.createToken(request);
+    assertThat(token)
+      .isNotNull()
+      .isInstanceOf(BearerToken.class);
+
+    BearerToken bt = (BearerToken) token;
+    assertThat(bt.getPrincipal()).isEqualTo(SessionId.valueOf("bcd123"));
+    assertThat(bt.getCredentials()).isEqualTo("asd");
  }

 }
--- a/scm-webapp/src/test/java/sonia/scm/web/CookieBearerWebTokenGeneratorTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/web/CookieBearerWebTokenGeneratorTest.java
@@ -35,82 +35,81 @@ package sonia.scm.web;

 //~--- non-JDK imports --------------------------------------------------------

-import org.junit.Test;
-import org.junit.runner.RunWith;
-
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.Mock;
-import org.mockito.junit.MockitoJUnitRunner;
-
+import org.mockito.junit.jupiter.MockitoExtension;
 import sonia.scm.security.BearerToken;
-
-import static org.junit.Assert.*;
-
-import static org.mockito.Mockito.*;
-
-//~--- JDK imports ------------------------------------------------------------
+import sonia.scm.security.SessionId;
+import sonia.scm.util.HttpUtil;

 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
-import sonia.scm.util.HttpUtil;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.*;
+
+//~--- JDK imports ------------------------------------------------------------

 /**
 *
 * @author Sebastian Sdorra
 */
-@RunWith(MockitoJUnitRunner.class)
-public class CookieBearerWebTokenGeneratorTest
-{
+@ExtendWith(MockitoExtension.class)
+class CookieBearerWebTokenGeneratorTest {
+
+  private final CookieBearerWebTokenGenerator tokenGenerator = new CookieBearerWebTokenGenerator();
+
+  @Mock
+  private HttpServletRequest request;

-  /**
-   * Method description
-   *
-   */
  @Test
-  public void testCreateToken()
-  {
-    Cookie c = mock(Cookie.class);
-
-    when(c.getName()).thenReturn(HttpUtil.COOKIE_BEARER_AUTHENTICATION);
-    when(c.getValue()).thenReturn("value");
-    when(request.getCookies()).thenReturn(new Cookie[] { c });
+  void shouldCreateToken() {
+    assignBearerCookie("value");

    BearerToken token = tokenGenerator.createToken(request);

-    assertNotNull(token);
-    assertEquals("value", token.getCredentials());
+    assertThat(token).isNotNull();
+    assertThat(token.getPrincipal()).isNull();
+    assertThat(token.getCredentials()).isEqualTo("value");
  }

-  /**
-   * Method description
-   *
-   */
  @Test
-  public void testCreateTokenWithWrongCookie()
-  {
+  void shouldCreateTokenWithSessionId() {
+    when(request.getHeader(HttpUtil.HEADER_SCM_SESSION)).thenReturn("abc123");
+
+    assignBearerCookie("authc");
+
+    BearerToken token = tokenGenerator.createToken(request);
+
+    assertThat(token).isNotNull();
+    assertThat(token.getPrincipal()).isEqualTo(SessionId.valueOf("abc123"));
+    assertThat(token.getCredentials()).isEqualTo("authc");
+  }
+
+  private void assignBearerCookie(String value) {
+    assignCookie(HttpUtil.COOKIE_BEARER_AUTHENTICATION, value);
+  }
+
+  private void assignCookie(String name, String value) {
    Cookie c = mock(Cookie.class);

-    when(c.getName()).thenReturn("other-cookie");
-    when(request.getCookies()).thenReturn(new Cookie[] { c });
-    assertNull(tokenGenerator.createToken(request));
+    when(c.getName()).thenReturn(name);
+    lenient().when(c.getValue()).thenReturn(value);
+    when(request.getCookies()).thenReturn(new Cookie[]{c});
  }

-  /**
-   * Method description
-   *
-   */
  @Test
-  public void testCreateTokenWithoutCookies()
-  {
-    assertNull(tokenGenerator.createToken(request));
+  void shouldNotCreateTokenForWrongCookie() {
+    assignCookie("other-cookie", "with-some-value");
+
+    BearerToken token = tokenGenerator.createToken(request);
+    assertThat(token).isNull();
  }

-  //~--- fields ---------------------------------------------------------------
-
-  /** Field description */
-  private final CookieBearerWebTokenGenerator tokenGenerator =
-    new CookieBearerWebTokenGenerator();
-
-  /** Field description */
-  @Mock
-  private HttpServletRequest request;
+  @Test
+  void shouldNotCreateTokenWithoutCookies() {
+    BearerToken token = tokenGenerator.createToken(request);
+    assertThat(token).isNull();
+  }
 }
--- a/scm-webapp/src/test/java/sonia/scm/web/security/DefaultAdministrationContextTest.java
+++ b/scm-webapp/src/test/java/sonia/scm/web/security/DefaultAdministrationContextTest.java
@@ -0,0 +1,72 @@
+package sonia.scm.web.security;
+
+import com.google.inject.Guice;
+import com.google.inject.Injector;
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.mgt.DefaultSecurityManager;
+import org.apache.shiro.mgt.SecurityManager;
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.util.ThreadContext;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.*;
+import static org.mockito.Mockito.when;
+
+@ExtendWith(MockitoExtension.class)
+class DefaultAdministrationContextTest {
+
+  private DefaultAdministrationContext context;
+
+  @Mock
+  private Subject subject;
+
+  @BeforeEach
+  void create() {
+    Injector injector = Guice.createInjector();
+    SecurityManager securityManager = new DefaultSecurityManager();
+
+    context = new DefaultAdministrationContext(injector, securityManager);
+  }
+
+  @Test
+  void shouldBindSubject() {
+    context.runAsAdmin(() -> {
+      Subject adminSubject = SecurityUtils.getSubject();
+      assertThat(adminSubject.getPrincipal()).isEqualTo("scmsystem");
+    });
+  }
+
+  @Test
+  void shouldBindSubjectEvenIfAlreadyBound() {
+    ThreadContext.bind(subject);
+    try {
+
+      context.runAsAdmin(() -> {
+        Subject adminSubject = SecurityUtils.getSubject();
+        assertThat(adminSubject.getPrincipal()).isEqualTo("scmsystem");
+      });
+
+    } finally {
+      ThreadContext.unbindSubject();
+    }
+  }
+
+  @Test
+  void shouldRestoreCurrentSubject() {
+    when(subject.getPrincipal()).thenReturn("tricia");
+    ThreadContext.bind(subject);
+    try {
+      context.runAsAdmin(() -> {});
+      Subject currentSubject = SecurityUtils.getSubject();
+      assertThat(currentSubject.getPrincipal()).isEqualTo("tricia");
+    } finally {
+      ThreadContext.unbindSubject();
+    }
+  }
+
+}